"The Dog Ate My Blacklist!"

Last Friday, ECAF released an Emergency Measure of Protection Order instructing block producers to cease processing transactions from twenty-seven various accounts in order to divert a possible theft in progress. Today, one particular block producer (eos.store) failed to update their blacklist file that was provided to each block producer in order to carry out the order. This careless action cost one of the twenty-seven account holders 3,570 EOS coins; the equivalent of $28,846 USD at the time of this writing. Finding today's news incredible, I decided to investigate. After posting information on a public form, as I discovered it, within minutes I was contacted by a representative from the eos.store block producer. The following is our conversation.

Essentially, The excuse given was "The Dog Ate My Homework". However, If we dig a little deeper we find out that his story simply doesn't gel:

While talking to him, I quickly received the impression he was a sole proprietor, or at least it seemed that way until I researched his company's website which revealed ten employees working for eos.store, most of them using only their first name.

My professional career has been in forensic accounting for the last twenty-seven years (pure coincidence). Five of those years have been spent investigating multiple cases involving Chinese reverse takeover merger fraud. On the surface, this situation has the potentiality of hitting a little too close to home, but I will refrain until I have completed my investigation at a later date. I will say, spending 27 years conducting investigations into securities fraud, I have the same feeling in my stomach today as I did in each of those cases.

Q: If you were unable to attend the meeting, what were the other nine employees listed on your website doing, and what prohibited them from attending?

As the evening rolled on, the blockchain representative joined an online conversation in which his story seemed to slightly change from just a few hours earlier.

Yes, he actually presented an excuse #4 which was completely different from the prior three excuses. Each excuse being much different than the previous one given. All this begs the question: is eos.store responsible enough to manage the security protocol of potentially billions and billions of dollars?

Article ii of the EOS Constitution states: "Member shall be liable for losses caused by false or misleading attestations and shall forfeit any profit gained thereby."

If ECAF is unable to impose article ii, I hope the EOS community collectively shows these gents, or at least just one gent, the door. Vote wisely.

What article II really says: "Don't scam." It doesn't apply in this situation.

It has been also made clear that all BPs have the right to decline what arbitrators propose for them. Arbitrator's ruling is only a proposal, not something that must be enforced. If a BP refuses to do what arbitrator is asking, the arbitrator can't do anything about it. But voters should vote accordingly, whether they agree with the refusal or not.

Another thing to remember is this, from Dan's latest blogpost: "EOS is designed to focus on restorative restitution rather than punitive retribution."

OK, so now somebody screwed up. The question is not "how we can punish him", but "what he can do to make things right again".

You're correct about article ii, but I'm not certain we agree on BP's having the "right" to decline an arbitrators' "order" (not a proposal).

S. 3.5 Rules for Dispute Resolution:

"The emergency Arbitrator has the AUTHORITY to order or award any interim measures that are deemed necessary. Any Member affected by such orders or interim awards SHALL UNDERTAKE TO COMPLY WITH THEM WITHOUT DELAY."

You may be correct but there's not enough evidence for me to draw a conclusion upon. As you pointed out, it's still a very early stage in the game.

Dan did recommend restorative restitution. Just this morning, he stated it was his personal belief eos.store should make the victim whole again. So far, eos.store agreed to do so upon the condition that they're forced to do so by the community, not out of their willingness for the sake of integrity. Often times when you find one cockroach, another isn't very far away.

So eos.io has given four separate excuses for why they didn't update the blacklist, stated they'd contact the man and make it right, issued a public statement that placed blame on ECAF, then stated they would only make it right with the victim if they are forced to do so.

Did you know that the majority of citizens living in Communist China are more prone to watching a crime being committed than to interject due to fear of being sued for harming the assailant? Fact.

The communication system of ECAF is not perfect for ECAF itself is at preliminary stage. The information of these frozen accounts did not appear in following channels:1. Three Telegram channels: EOSIO Gov, EOS Validation(EMLG) and EOS BP Infrastructure.; 2. Github as the first blacklist did; 3. Zoom video meeting on June 21st. Only in Keybase and EOS 911 could you find this information. Plus current massive fake news, like a fake ECAF arbitration order these days, we did not updated the blacklist in time.

Was the blacklist mentioned on the 21th conference?, maybe they attend but it was not mentioned?, leaving to blame Github, or the Telegram channel, or lack of a proper communication system

The ECAF is still in its infancy. That said, there is really no excuse to what happened here. This BP should be voted out by the community. If they want back in, they have to prove themselves.
In the meantime, the account holder that lost his EOS should be fully refunded by the BP that caused this.

Actually, two of them were missing. Thanks to the persistence of EOS New York, they finally were able to get in touch with genesis-mining, who's currently in the #16 position, and inform them to update their blacklist, which they had not done. So, there's two acts of irresponsibility from companies allowed to oversee your security, that took place.

This is why the way $NEO goes about HAND selecting their validation nodes is far superior. $EOS coin holders vote and Block Producers can fail to get a spot on the validators list, etc etc. They are not hand-picked so who knows what you will get. While delegated Byzantine Fault Tolerance does have it's drawbacks, #NEO 3.0 will rock! soon the Neo Smart Economy will be looking at #EOS through its rearview mirror.

Oh, there is another thing that I urge you to research. If you go by the constitution and the spirit it was written in (as in, all people are essentially good, whatever that word means), the exchange that accepted those tokens is also liable for aiding in theft.

That was my reason for saying that freezing those accounts is unnecessary, just to inform everyone not to accept any transactions involving them, as that opens you personally to liability. That is not censorship from BPs, but self censure in the spirit of the constitution.

I'd also like to urge whoever was that whose account money were moved to go to arbitration against the exchange in question. Blockchain makes it trivial to see which exchange it was (and some exchanges are also Block Producers), so they should know better.

That was my reason for saying that freezing those accounts is unnecessary, just to inform everyone not to accept any transactions involving them, as that opens you personally to liability. That is not censorship from BPs, but self censure in the spirit of the constitution.

good view, not sure if it require more effort, be less o more chaotic

what are the differences between an account that can not send any transactions and a frozen account?

Freeze of the account happens on BP level. That is, there is a command that makes eosio software reject any transactions from that account, but since there are 21 producing BPs that requires running on all of them with an updated list.
But for exchanges to selfcensor, at the start they just needed to send those tx back to that account to block it. Now that there are tools that allow you to create new accounts the situation becomes harder, but the blockchain is transparent so it is doable.

I'd think it is something that is more important than discussing the dress code for the participation in the conference calls.

The problem with this idea, although good in spirit, is that China is a protectionist country and doesn't allow foreign entities to receive judgement against Chinese domiciled businesses. International law is not upheld in communist China. Unless the victim is Chinese, which I've been told he is Korean, he's out of luck.